eBook OR

[OR] [P2] [S3] [ITo] [C8] Scenario-Based Calibration of Impact Tolerance

Written by Moh Heng Goh | May 8, 2026 9:48:30 AM

[P2] [S3] Chapter 8

Scenario-Based Calibration of Impact Tolerance

Introduction

Defining impact tolerance is only the first step. The real test of its effectiveness lies in whether the organisation can operate within those tolerances under stress.

Without validation, impact tolerances risk being theoretical, overly optimistic, or misaligned with real-world disruption dynamics.

Scenario-based calibration ensures that tolerances are realistic, evidence-based, and defensible. It enables organisations to simulate disruptions, observe how impacts evolve, and determine whether existing capabilities are sufficient to prevent breaches.

This chapter focuses on how to use structured scenarios—particularly Severe but Plausible Scenarios (SuPS)—to test, validate, and refine impact tolerances.

 

Purpose of the Chapter

The purpose of this chapter is to:

  • Ensure that impact tolerances are realistic and achievable
  • Introduce the concept and application of Severe but Plausible Scenarios (SuPS)
  • Guide on selecting and designing relevant disruption scenarios
  • Demonstrate how to assess time-based service degradation
  • Enable organisations to test tolerance limits under stress conditions

Severe but Plausible Scenarios (SuPS)

Scenario-based calibration is anchored on the concept of Severe but Plausible Scenarios (SuPS).

Definition

A Severe but Plausible Scenario is:

A disruption event that is sufficiently severe to challenge the organisation’s resilience, yet credible based on its operating environment, historical incidents, and emerging risks.

Characteristics of Effective SuPS

Effective scenarios should be:

Characteristic

Description

Severe

Capable of significantly disrupting critical services

Plausible

Realistic given organisational context and external environment

Relevant

Directly linked to the identified CBS and dependencies

End-to-End

Reflect a full service delivery chain, not isolated components

Measurable

Allow impact to be assessed against defined tolerance thresholds
Purpose of SuPS in Impact Tolerance

SuPS are used to:

  • Validate whether the organisation can remain within defined tolerances
  • Identify hidden vulnerabilities and interdependencies
  • Stress-test operational, technological, and organisational capabilities
  • Provide evidence for regulatory and governance review

Scenario Types for Calibration

Organisations should develop a diverse set of scenarios that reflect key risk domains.

Technology Failure

Technology disruptions are among the most common and impactful scenarios.

Examples:

  • Core banking system outage
  • Payment processing system failure
  • Data centre outage
  • Network connectivity disruption

Impact Considerations:

  • Immediate service unavailability
  • Transaction processing delays
  • Data synchronisation issues
  • Dependency on backup systems
Cyber Attack

Cyber incidents can escalate rapidly and affect multiple services simultaneously.

Examples:

  • Ransomware attack encrypting core systems
  • Distributed Denial-of-Service (DDoS) attack on digital channels
  • Data breach affecting customer records
  • Malware disrupting transaction processing

Impact Considerations:

  • Extended system downtime
  • Data integrity concerns
  • Regulatory reporting obligations
  • Reputational damage
Third-Party Disruption

Modern organisations rely heavily on external providers.

Examples:

  • Cloud service provider outage
  • Payment gateway failure
  • Telecommunications disruption
  • Vendor system compromise

Impact Considerations:

  • Limited control over recovery timelines
  • Cascading failures across multiple CBS
  • Contractual and SLA limitations
  • Concentration risk
Pandemic / People Unavailability

People-related disruptions can significantly affect operational capacity.

Examples:

  • Pandemic is causing widespread staff absenteeism
  • Industrial action or labour disruption
  • Travel restrictions limiting workforce mobility
  • Loss of key personnel or specialised roles

Impact Considerations:

  • Reduced processing capacity
  • Increased operational backlog
  • Dependence on cross-trained staff
  • Challenges in manual workaround execution

Time-Based Degradation Analysis

A key component of scenario-based calibration is understanding how impact evolves.

Impact tolerance is not static—it reflects the point at which disruption becomes unacceptable.

Typical Degradation Profile

Time Elapsed

Service Condition

Impact Level

0–30 minutes

Initial disruption, alerts triggered

Low

30 minutes–2 hours

Transaction delays, increased customer enquiries

Moderate

2–4 hours

Significant backlog, customer dissatisfaction

High

4–8 hours

Potential tolerance breach, regulatory concern

Very High

8–24 hours

Severe disruption, financial and reputational damage

Extreme
Key Observations
  • Impact is non-linear: escalation often accelerates after a threshold
  • Customer harm increases rapidly after a few hours for critical services
  • Operational strain accumulates, making recovery more complex
  • Manual workarounds degrade over time due to fatigue and volume
Application in Calibration

For each scenario, organisations should:

  1. Track how the CBS performs over time
  2. Compare actual performance against defined tolerance thresholds
  3. Identify the point at which tolerance is breached or at risk

This enables calibration of whether the defined tolerance is:

  • Too lenient (risk of excessive harm)
  • Too strict (unrealistic or unachievable)
  • Appropriate (aligned with capability and expectations)

Testing Tolerance Limits Under Stress

Scenario testing should explicitly assess whether the organisation can remain within impact tolerance.

Key Testing Questions
  • Can the CBS continue operating within tolerance limits?
  • How long does it take before thresholds are approached or breached?
  • Which dependencies fail first?
  • Are backup systems and recovery strategies effective?
  • Do manual workarounds sustain operations?
  • Are escalation and crisis management processes timely and effective?
Example Scenario Assessment

Scenario

CBS

Tolerance

Observed Outcome

Result

Core Banking Outage

Deposit Services

4 hours MTD

Recovery in 5 hours

Breach

Payment Gateway Failure

Payments Services

2 hours MTD

Recovery in 1.5 hours

Within Tolerance

Cloud Provider Outage

Digital Banking

3 hours MTD

Recovery in 4 hours

Breach

Pandemic Absenteeism

Operations Processing

70% capacity

Operated at 60%

Breach
Interpretation
  • Breaches indicate gaps in resilience capability
  • Near-breaches indicate risk of future failure under slightly worse conditions
  • Successful outcomes provide confidence and validation

Calibration and Refinement of Tolerance

Scenario testing results should be used to refine impact tolerances.

Calibration Actions

Scenario Outcome

Calibration Action

Tolerance consistently breached

Strengthen resilience capabilities or revise tolerance

Tolerance nearly breached

Enhance controls and monitoring

Tolerance easily met

Consider tightening the tolerance if appropriate

Unrealistic tolerance identified

Reassess based on practical capability
Balancing Considerations

Calibration must balance:

  • Customer expectations (minimise harm)
  • Operational feasibility (realistic capabilities)
  • Regulatory expectations (compliance and defensibility)
  • Cost of resilience investment

Integration with Scenario Testing

Scenario-based calibration is closely linked to Operational Resilience Phase 2 – Stage 4: Scenario Testing

Stage

Role in Calibration

Identify CBS

Defines the scope of testing

Map Dependencies

Identifies failure points

Set Impact Tolerance

Defines thresholds

Scenario Testing

Validates and calibrates tolerances

Improvement

Drives remediation actions

Scenario testing provides the evidence base for refining tolerances.

Common Challenges in Scenario-Based Calibration

Challenge

Description

Overly simplistic scenarios

Fails to capture real-world complexity

Lack of data

Difficulty quantifying impact accurately

Siloed testing

Does not reflect end-to-end service impact

Underestimating interdependencies

Misses cascading failures

Unrealistic assumptions

Leads to invalid conclusions

Limited stakeholder involvement

Results lack credibility

Best Practices

To ensure effective calibration:

  • Use cross-functional workshops to design scenarios
  • Incorporate historical incidents and near misses
  • Include third-party and ecosystem dependencies
  • Simulate prolonged disruptions, not just short-term outages
  • Test multiple concurrent disruptions where relevant
  • Document assumptions, outcomes, and lessons learned
  • Align with regulatory expectations and audit requirements

Scenario-based calibration is essential to ensure that impact tolerances are not merely theoretical but grounded in operational reality.

By applying Severe but Plausible Scenarios, organisations can test how disruptions unfold, understand how impact escalates over time, and determine whether they can truly operate within defined thresholds.

This process transforms impact tolerance from a static definition into a dynamic, evidence-based capability.

It enables organisations to identify weaknesses, prioritise improvements, and demonstrate to regulators that their resilience framework is both credible and effective.

In the next chapter, we will examine how to embed impact tolerance into governance, monitoring, and reporting, ensuring that it becomes an integral part of day-to-day resilience management rather than a one-time exercise.

C1 C2 C3 C4 C5 C6
C7 C8 C9 C10 C11 C12 
C13 C14 C15 C16 C17 C18

 

More Information About OR-5000 [OR-5] or OR-300 [OR-3]

To learn more about the course and schedule, click the buttons below for the OR-300 Operational Resilience Implementer course and the OR-5000 Operational Resilience Expert Implementer course.

If you have any questions, click to contact us.

 
View full post